About Us:
At Booking.com, data drives our decisions. Technology is at our core. And innovation is everywhere. But our company is more than datasets, lines of code or A/B tests. We’re the thrill of the first night in a new place. The excitement of the next morning. The friends you encounter. The journeys you take. The sights you see. And the memories you make. Through our products, partners and people, we make it easier for everyone to experience the world.
Role Description:
The Senior Security Architect exists to make it easier for engineers to build secure, resilient systems without slowing delivery down. Reporting to the Director of Architecture, the role leads the security architecture domain within Tech Standards.
Tech Standards is the central architecture capability that turns Booking.com's enterprise architecture direction into practical principles, guidance, sensible defaults, and reusable patterns. Its purpose is to reduce cognitive load for engineering teams, make good technical choices easier to apply, and help Business Units move faster with confidence.
The role works closely with Security, SRE, Business Unit architects, and engineering teams to ensure security expectations are clear, actionable, and embedded into how software is designed, built, and run. It is not a gatekeeper role. It is an enablement role, focused on making secure engineering the default path.
A core part of the role is helping define the security non-functional requirements that form part of Booking.com's architecture guidance, in close partnership with the Security organisation. Success depends on combining deep security architecture expertise with the ability to influence senior technical communities, make trade-offs clear, and help teams adopt better security practices in real delivery work.
**Key Job Responsibilities and Duties: **
- Own the security architecture domain within Tech Standards, aligned with the Director of Architecture's enterprise architecture direction.
- Translate Booking.com's Tech Guiding Principles into practical security architecture guidance, patterns, and defaults that reduce friction for engineering teams.
- Work with the Security organisation to shape security non-functional requirements that are clear, practical, and usable by engineering teams.
- Turn security requirements, policies, and audit findings into architecture guidance and reference patterns that teams can apply without unnecessary manual gates.
- Partner with Business Unit architects, engineering leaders, Security, and SRE to make security guidance relevant to real delivery needs.
- Provide a strategic enterprise view of security architecture across identity, access, data protection, network security, application security, resilience, infrastructure, and cloud security.
- Champion shift-left security by embedding security thinking into the software development lifecycle and product delivery lifecycle.
- Define practical patterns for zero-trust architecture and help teams adopt them in ways that fit Booking.com's technology estate.
- Help teams understand the trade-offs between security, delivery speed, resilience, complexity, and operational cost.
- Coach and mentor architects and engineering communities so security architecture becomes easier to understand and apply.
Qualifications & Skills:
- Significant experience in technology, with strong experience in security architecture at enterprise scale.
- Deep understanding of enterprise security domains, including identity and access management, data protection, network security, application security, infrastructure security, and cloud security.
- Proven ability to design security architecture that works in large, distributed engineering organisations.
- Experience shaping security non-functional requirements, architectural guidance, reference patterns, and technical guidance.
- Strong understanding of zero-trust principles and how to apply them pragmatically in complex technology environments.
- Experience with security regulations, audit expectations, and risk management, with the judgment to turn requirements into scalable engineering practices.
- Strong understanding of software delivery, developer workflows, and how security can be embedded into the SDLC without creating unnecessary manual gates.
- Credibility with senior engineers, architects, security specialists, and SRE teams, with the ability to influence without direct authority.
- Clear communicator who can explain complex security topics in practical terms for technical and non-technical audiences.
- Pragmatic judgment, with the ability to focus on the biggest risks and avoid chasing theoretical consistency everywhere.
- Relevant security certifications, such as CISSP-ISSAP, GDSA, CCZT, CISM, or cloud security certifications, are helpful but not required.
Benefits & Perks - Global Impact, Personal Relevance:
Booking.com’s Total Rewards Philosophy is not only about compensation but also about benefits. We offer a competitive compensation and benefits package, as well unique-to-Booking.com benefits which include:
- Annual paid time off and generous paid leave scheme including: parent, grandparent, bereavement, and care leave
- Hybrid working including flexible working arrangements, and up to 20 days per year working from abroad (home country)
- Industry leading product discounts - up to 1400 per year - for yourself, including automatic Genius Level 3 status and Booking.com wallet credit
- Living and working in Amsterdam, one of the most cosmopolitan cities in Europe
- Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
- Working in a fast-paced and performance driven culture
- Opportunity to utilize technical expertise, leadership capabilities and entrepreneurial spirit
- Promote and drive impactful and innovative engineering solutions
- Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
- Competitive compensation and benefits package and some great added perks of working in the home city of Booking.com
**Diversity, Equity and Inclusion (DEI) at Booking.com: **
Diversity, Equity & Inclusion have been a core part of our company culture since day one. This ongoing journey starts with our very own employees, who represent over 140 nationalities and a wide range of ethnic and social backgrounds, genders and sexual orientations.
Take it from our Chief People Officer, Paulo Pisano: “At Booking.com, the diversity of our people doesn’t just build an outstanding workplace, it also creates a better and more inclusive travel experience for everyone. Inclusion is at the heart of everything we do. It’s a place where you can make your mark and have a real impact in travel and tech.”
We ensure that colleagues with disabilities are provided the adjustments and tools they need to participate in the job application and interview process, to perform crucial job functions, and to receive other benefits and privileges of employment.
**Application Process: **
This section should provide:
- Let’s go places together: How we Hire
- This role does not come with relocation assistance.
Booking.com is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.
Pre-Employment Screening
If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.
Pre-Employment Screening
If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.